chore: update workflow and add separate yml files for hosts

2025-10-11 18:52:15 +10:00
parent d08ee33972
commit 21997f3c33
7 changed files with 202 additions and 202 deletions
--- a/internetfacing.yml
+++ b/internetfacing.yml
@@ -0,0 +1,35 @@
+---
+- name: Install fail2ban on internet facing servers
+  hosts: internetfacing
+  become: true
+  roles:
+    - role: grzegorzfranus.fail2ban
+      vars:
+        fail2ban_ignoreip:
+          - 127.0.0.1/8 # loopback
+          - 10.0.0.0/8 # Private
+          - 172.16.0.0/12 # Private
+          - 192.168.0.0/16 # Private
+          - 169.254.0.0/16 # link-local / APIPA
+          - 100.64.0.0/10 # CGNAT
+          - 203.0.113.0/24 # TEST-NETs
+          - 192.0.2.0/24 # TEST-NETs
+          - 198.51.100.0/24 # TEST-NETs
+          - ::1 # ULA - fc00::/7 # Private
+          - fe80::/10 # Private
+        fail2ban_bantime: "1h"
+        fail2ban_findtime: "30m"
+        fail2ban_maxretry: 3
+        fail2ban_custom_jail_files:
+          - name: sshd-strict # This will create /etc/fail2ban/jail.d/sshd-strict.conf
+            content: |
+              [sshd-strict]
+              enabled = true
+              filter = sshd
+              port = ssh
+              logpath = journal
+              backend = systemd
+              maxretry = 3
+              bantime = 3600
+              findtime = 300
+